DNS not working intermittently

Turris 1.1, TOS 5.1.7 HBS

Connected computers sometimes start having issues with DNS. Pinging 8.8.8.8 works but pinging www.seznam.cz does not work. Rebooting the router helps sometimes.

What I found always helps immediately is to go to ReForis - DNS and select a different DNS provider. It does not matter which one I select; making the change and saving immediately fixes the problem. I have DNS forwarding on and I switched off DNSSEC (did not help).

It happened today and two days ago. It is not very frequent but very annoying. Any idea what to do? Let me know what to check when it happens again.

Thanks

Same problem today morning. Computers in LAN unable to access web pages due to DNS not working. After changing the DNS provider in Turris and save, it started immediately working again.

Any idea?

PS: I see plenty of unbound errors in the log. But I see them both when there was a problem and also now when DNS is working fine. I have IPv6 disabled for WAN as the provider was having problems with it.

Jan 29 07:41:04 turris unbound: [19189:0] error: outgoing tcp: connect: Permission denied for 2001:148f:ffff::1 port 853

I think these log lines are unrelated to the problems. Ticket: https://gitlab.nic.cz/turris/turris-os-packages/-/issues/463

OK. What information should I capture next time it happens to help solve the DNS problem issue?

When I switched off the DNS forwarding it started to work fine (so far). So probably something wrong in the DNS forwarding…


I had similar issues recently as well. Hard coding my workstation to 1.1.1.1 or 8.8.8.8 instead of DHCP provided values fixed the issues. Monkeyed with some DNS settings trying to get things fixed correctly on the router, then realized I was on a 4.x version & upgraded to Here Be Kittens. I guess some of the auto-upgrade stuff hadn’t been working. 5.x seems to have options to override the ISP provided DNS & use Cloudflare or others. Not sure if it was any of my monkeying around, or switching to Cloudflare as my upstream DNS in the newer version of Turris. At any rate it’s working now.

I also have this problem where occasionally a specific site doesn’t want to resolve on a specific upstream provider. I solve it the same way: change provider. It happens very infrequently so it doesn’t bother me much, and I usually put it down to some transient messed-up and then corrected DNS configuration by the domain owner, where the correction has already propagated to some providers and not yet to others. However, it is strange that it’s only started to happen since I got the Omnia. I used 1.1.1.1 for a long time before and never saw this problem.

I suspect this topic is accumulating various kinds of DNS problems.

Note that the original post is for Turris 1.x HW which has never been “distributed normally” (just lent as part of a security research project in CZ and later allowed to be kept by participants). A significant DNS difference of 1.x is that it uses Unbound whereas all other Turrises use Knot Resolver (by default). I don’t know Unbound too well.

Generally, if you have DNS issues, I’d personally first try another forwarding setting than the default (see the (re)Foris UI, DNS tab). I think it’s not rare to encounter ISP servers that have issues in edge cases when obtaining DNSSEC records. My favorite mode is without forwarding, but forwarding to anyone from the list should also be reliable (and it’s even better in case the ISP intercepts DNS).

My original post is really about Turris 1.1 but running Turris OS 5.1.8 now. That is the same as the Omnia routers.

Is there a way to propagate the upstream DNS to clients directly without forwarding it? The client would have 1.1.1.1 and 8.8.8.8 (secondary) directly from DHCP. That would fix any possible router issue and I would not have to set it up manually on each client.

btw now it seems stable when Turris is resolving the DNS queries. DNS forwarding was freezing daily.

I think that would be luci / interfaces / LAN - edit / DHCP / Advanced / DHCP-options – and there put 6,1.1.1.1,8.8.8.8.

Thank you.

Without forwarding it was stable. Now I changed the settings to 6,1.1.1.1,8.8.8.8 so each client is independent of the router for DNS.